cups: 2.4.1 -> 2.4.2

Fixes CVE-2022-26691. https://github.com/OpenPrinting/cups/releases/tag/v2.4.2
2024-11-10 08:39:08 +03:00 · 2022-05-27 12:03:37 +02:00 · 2022-05-27 12:03:37 +02:00 · c590c23f49
commit c590c23f49
parent ccdd189373
1 changed files with 17 additions and 3 deletions
--- a/pkgs/misc/cups/default.nix
+++ b/pkgs/misc/cups/default.nix
@ -1,5 +1,6 @@
 { lib, stdenv
 , fetchurl
+, fetchpatch
 , pkg-config
 , removeReferencesTo
 , zlib
@ -26,19 +27,32 @@ stdenv.mkDerivation rec {
  pname = "cups";

  # After 2.2.6, CUPS requires headers only available in macOS 10.12+
-  version = if stdenv.isDarwin then "2.2.6" else "2.4.1";
+  version = if stdenv.isDarwin then "2.2.6" else "2.4.2";

  src = fetchurl (if stdenv.isDarwin then {
    url = "https://github.com/apple/cups/releases/download/v${version}/cups-${version}-source.tar.gz";
    sha256 = "16qn41b84xz6khrr2pa2wdwlqxr29rrrkjfi618gbgdkq9w5ff20";
  } else {
    url = "https://github.com/OpenPrinting/cups/releases/download/v${version}/cups-${version}-source.tar.gz";
-    sha256 = "sha256-xzOfdfjU8t7FDGczQaRfwGtohbttQ2bWv1mk5sEK4Xg=";
+    sha256 = "sha256-8DzLQLCH0eMJQKQOAUHcu6Jj85l0wg658lIQZsnGyQg=";
  });

  outputs = [ "out" "lib" "dev" "man" ];

-  patches = lib.optional (version == "2.2.6") ./0001-TargetConditionals.patch;
+  patches = lib.optionals (version == "2.2.6") [
+    ./0001-TargetConditionals.patch
+    (fetchpatch {
+      name = "CVE-2022-26691.patch";
+      url = "https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444.patch";
+      sha256 = "sha256-IKOtV7bCS6PstwK6YqnYRYTeH562jWwkley86p+6Of8=";
+      excludes = [ "CHANGES.md" ];
+    })
+    (fetchpatch {
+      name = "CVE-2022-26691-fix-comment.patch";
+      url = "https://github.com/OpenPrinting/cups/commit/411b6136f450a583ee08c3880fa09dbe837eb3f1.patch";
+      sha256 = "sha256-dVopmr34c9N5H2ZZz52rXVnHQBuDTNo8M40x9455+jQ=";
+    })
+  ];

  postPatch = ''
    substituteInPlace cups/testfile.c \